XmlReaderSettings.MaxCharactersInDocument Property

Definition

Gets or sets a value indicating the maximum allowable number of characters in an XML document. A zero (0) value means no limits on the size of the XML document. A non-zero value specifies the maximum size, in characters.

public:
 property long MaxCharactersInDocument { long get(); void set(long value); };
public long MaxCharactersInDocument { get; set; }
member this.MaxCharactersInDocument : int64 with get, set
Public Property MaxCharactersInDocument As Long

Property Value

The maximum allowable number of characters in an XML document. The default is 0.

Examples

The following code sets this property, and then attempts to parse a document larger than the limit. In a real world scenario, you would set this limit to a value large enough to handle valid documents, yet small enough to limit the threat from malicious documents.

string markup = "<Root>Content</Root>";

XmlReaderSettings settings = new XmlReaderSettings();
settings.MaxCharactersInDocument = 10;

try
{
    XmlReader reader = XmlReader.Create(new StringReader(markup), settings);
    while (reader.Read()) { }
}
catch (XmlException ex)
{
    Console.WriteLine(ex.Message);
}
Dim markup As String = "<Root>Content</Root>"

Dim settings As XmlReaderSettings = New XmlReaderSettings()
settings.MaxCharactersInDocument = 10

Try
    Dim reader As XmlReader = XmlReader.Create(New StringReader(markup), settings)
    While (reader.Read())
    End While
Catch ex As XmlException
    Console.WriteLine(ex.Message)
End Try

This code produces the following output:

There is an error in XML document (MaxCharactersInDocument, ).

Remarks

A zero (0) value means no limits on the number of characters in the parsed document. A non-zero value specifies the maximum number of characters that can be parsed.

The maximum character count for the document includes the count of characters that result from expanded entities.

If the reader attempts to read a document with a size that exceeds this property, an XmlException will be thrown.

This property allows you to mitigate denial of service attacks where the attacker submits extremely large XML documents. By limiting the size of a document, you can detect the attack and recover reliably.

Applies to